[c-nsp] recommended Cisco router/firewall for 10 to 100Mbps, dual homed

Peter Rathlev peter at rathlev.dk
Wed Jan 30 14:35:31 EST 2008


BTW: Those numbers are for 64 byte packets, so "real life" performance
in Mb/s is a little better. It doesn't change the fact that the 2821 and
NBAR probably won't do a lot more than 10-20 Mb/s.

Regards,
Peter


On Wed, 2008-01-30 at 20:15 +0100, Peter Rathlev wrote:
> Hi Patrick,
> 
> The 2821 that Jim mentions theoretically does 87 mbps @ 170 kpps when
> fast/CEF switching. Add NBAR and you probably end up a lot nearer the
> router's process switching performance of 5.8 mbps @ 11.5 kpps.
> 
> It really depends a lot on what kind of traffic, what kinds of
> classification and so on. If you have a 10 Mb/s connection now and
> average is no more than about 6 Mb/s a 2821 would probably be fine most
> of the time. If you need to NBAR ~60 Mb/s average you probably need a
> 7200 NPE-G1 or similar. (It'll do 500 Mb/s CEF switched, ~40 Mb/s
> process switched.)
> 
> Regards,
> Peter
> 
> 
> On Wed, 2008-01-30 at 13:49 -0500, Jim McBurnett wrote:
> > A 2821 would work nicely..
> > For true 100 Meg that may be stretched..
> > It has Gig E interfaces...
> > 
> > If you want full tables add some RAM...
> > YMMV..
> > 
> > Jim
> > 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> >  [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Patrick
> >  Giagnocavo
> > Sent: Wednesday, January 30, 2008 12:13 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] recommended Cisco router/firewall for 10 to 100Mbps,
> >  dual homed
> > 
> > Hi
> > 
> > Currently I am using an OpenBSD box which has given no problems, as a
> > router/firewall for some colocated systems.
> > 
> > However, I would like to take advantage of some of the Cisco features
> > like NBAR, and the FTP proxy code (systems needing FTP with the
> > OpenBSD router lose most of their firewall protection because the FTP
> > proxy is not very good, so we just open a large range of ports).
> > 
> > We are using 10Mbps currently but want to buy something that can
> > handle 100Mbps as that is the next jump we will make.
> > 
> > Would a non-VXR 7204 do it?  1841?  We don't need VPN sessions, but
> > being able to SSH into the Cisco would be preferred.
> > 
> > Cordially
> > 
> > Patrick Giagnocavo
> > patrick at zill.net
> > 
> > 
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


